Burp
Some useful tips I used
Plugin development links:
- https://parsiya.net/blog/2018-12-24-cryptography-in-python-burp-extensions/
- https://gist.github.com/coffeetocode/6559127
- https://www.secforce.com/blog/2018/12/burp-extension-hmac-signature-in-custom-http-header/
- https://github.com/pentestpartners/snippets/blob/master/hmac.py
Warning: some modules cannot be imported, e.g. the cryptography package, because they are C extension modules. Burp Python extensions run under Jython, which only loads pure-Python (or Java) modules, so stick to the standard library (hmac, hashlib, ...) or Java classes for crypto.
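The pattern the HMAC links above describe (recomputing a signature header for every outgoing request) written against the standard library only, which is what a Jython extension can import. This is an added example, not the code from those links: the header name X-Signature, the canonical string (METHOD, path, SHA-256 of the body) and the shared key are hypothetical and must be replaced by the target application's scheme; the Burp calls (registerHttpListener, analyzeRequest, buildHttpMessage, bytesToString) are the real Extender API and are only reachable inside Burp, so they are stubbed when the module loads elsewhere.

```python
"""HMAC signature header for a Burp extension, using only stdlib modules that load under Jython."""
import hashlib
import hmac

HEADER_NAME = "X-Signature"             # hypothetical header the target application expects
SIGNING_KEY = b"example-shared-secret"  # constructed sample key; the real one comes from the target


def _to_bytes(value):
    """Encode text as UTF-8; leave byte strings (Python 3 bytes, Jython 2.7 str) untouched."""
    return value if isinstance(value, bytes) else value.encode("utf-8")


def canonical_string(method, path, body):
    """Hypothetical scheme: the signature covers METHOD, the path and the SHA-256 of the body."""
    body_hash = hashlib.sha256(_to_bytes(body)).hexdigest()
    return "%s\n%s\n%s" % (method.upper(), path, body_hash)


def sign_request(method, path, body, key):
    """HMAC-SHA256 over the canonical string, hex encoded. hmac and hashlib import fine on Jython,
    unlike the cryptography package, which is a C extension and cannot be loaded there."""
    msg = _to_bytes(canonical_string(method, path, body))
    return hmac.new(_to_bytes(key), msg, hashlib.sha256).hexdigest()


def verify_signature(method, path, body, key, signature):
    """Constant-time comparison, so a server-side check does not leak the signature byte by byte."""
    return hmac.compare_digest(sign_request(method, path, body, key), signature)


try:
    from burp import IBurpExtender, IHttpListener  # only importable inside Burp's Jython interpreter
except ImportError:
    class IBurpExtender(object):  # placeholders so the module also loads outside Burp (e.g. for tests)
        pass

    class IHttpListener(object):
        pass


class BurpExtender(IBurpExtender, IHttpListener):
    """Re-signs every outgoing request, so Repeater/Intruder/Scanner traffic carries a valid header."""

    def registerExtenderCallbacks(self, callbacks):
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("HMAC header signer (example)")
        callbacks.registerHttpListener(self)

    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        if not messageIsRequest:
            return
        request = messageInfo.getRequest()
        info = self._helpers.analyzeRequest(messageInfo)
        body = request[info.getBodyOffset():]
        # Drop any stale signature header, then append a fresh one computed over the current body.
        headers = [h for h in info.getHeaders()
                   if not h.lower().startswith(HEADER_NAME.lower() + ":")]
        signature = sign_request(info.getMethod(), info.getUrl().getPath(),
                                 self._helpers.bytesToString(body), SIGNING_KEY)
        headers.append("%s: %s" % (HEADER_NAME, signature))
        messageInfo.setRequest(self._helpers.buildHttpMessage(headers, body))
```

Load the file through Extender > Extensions with the Jython standalone jar configured; because the listener runs for every tool, modified Repeater or Intruder requests get a correct signature without any manual recomputation.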
Burp collaborator
- Useful links
- Create an instance on AWS. Create a security group (ports) and attach it to the EC2 instance, opening the following ports:
  - 22
  - 25
  - 53 - TCP & UDP
  - 80
  - 443
  - 465
  - 587
  - 9090
  - 9443
- Register the Burp instance
- Upload the Burp jar to the server
- Buy a domain name (OVH is fine)
- Install Java on the server in order to be able to run java -jar burp.jar
- Install certbot (apt install certbot)
- Run it. Because a wildcard certificate is requested, only the dns-01 challenge is possible; with the two names certbot prints two TXT values, both for _acme-challenge.collab.leaker.ovh. Add both to the DNS configuration and wait 5-10 minutes after adding the 2nd hash, so the records have propagated before letting certbot continue:
sudo certbot certonly -d collab.leaker.ovh -d *.collab.leaker.ovh --server https://acme-v02.api.letsencrypt.org/directory --manual --agree-tos --no-eff-email --manual-public-ip-logging-ok --preferred-challenges dns-01
- Update the DNS configuration with the TXT records for
_acme-challenge.collab.leaker.ovh. The remaining DNS records are added later, in the "Configure DNS" step below.
- The generated certificate will be in /etc/letsencrypt/archive/collab.leaker.ovh/ (privkeyN.pem, certN.pem, fullchainN.pem; N increases at every issuance, which is why the config below references the *2.pem files)
- Configure DNS (OVH interface)
collab.leaker.ovh NS ns1.collab.leaker.ovh
leaker.ovh A <IP.server>
collab.leaker.ovh A <IP.server>
ns1.collab.leaker.ovh A <IP.server>
ftp.leaker.ovh A <IP.server>
# The NS record delegates collab.leaker.ovh (and every random subdomain under it) to the Collaborator's own DNS server; the A record for ns1 is the glue that makes the delegation resolvable
# ftp must be an A record: a CNAME can only point at a name, not at an IP address
# Leave the rest
# Do not touch DNS Servers or Glue server
- Configure Burp Collaborator (collaborator.config). localAddress is the EC2 private IP, publicAddress the instance's public IP; all listeners use high, unprivileged ports, and the iptables rules further down redirect the standard ports to them:
{
"serverDomain" : "collab.leaker.ovh",
"workerThreads": 2,
"eventCapture": {
"publicAddress": "15.236.152.65",
"localAddress": "172.31.26.249",
"http": {
"ports" : 3380
},
"https": {
"ports" : 33443
},
"ssl": {
"certificateFiles" : [
"/home/ubuntu/collab/certs/privkey2.pem",
"/home/ubuntu/collab/certs/cert2.pem",
"/home/ubuntu/collab/certs/fullchain2.pem"
]
},
"smtp": {
"ports" : [3325, 33587]
},
"smtps": {
"ports" : 33465
}
},
"polling" : {
"localAddress": "172.31.26.249",
"publicAddress" : "0.0.0.0",
"http": {
"port" : 39090
},
"https": {
"port" : 39443
},
"ssl": {
"certificateFiles" : [
"/home/ubuntu/collab/certs/privkey2.pem",
"/home/ubuntu/collab/certs/cert2.pem",
"/home/ubuntu/collab/certs/fullchain2.pem"
]
}
},
"metrics": {
"path": "metrics_PATH",
"addressWhitelist": ["<IP>"]
},
"dns": {
"interfaces" : [{
"name": "ns1",
"publicAddress": "15.236.152.65",
"localAddress": "172.31.26.249"
}],
"ports" : 3353
},
"logLevel" : "INFO"
}
In order to run Java without root rights (binding ports below 1024 requires root), I redirect the standard ports to the high ports from the config with iptables NAT rules. Note that these rules are lost on reboot unless saved (iptables-save or the iptables-persistent package), that they only apply to traffic arriving on the interface (local tests from the box itself are not redirected), and that on newer instance types the interface may be called ens5 rather than eth0:
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 465 -j REDIRECT --to-port 33465
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 587 -j REDIRECT --to-port 33587
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3380
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j REDIRECT --to-port 3325
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 33443
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 53 -j REDIRECT --to-port 3353
sudo iptables -t nat -A PREROUTING -i eth0 -p udp --dport 53 -j REDIRECT --to-port 3353
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 9090 -j REDIRECT --to-port 39090
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 9443 -j REDIRECT --to-port 39443
- Run Burp Collaborator as the unprivileged user (keep it alive with nohup, screen or a systemd unit)
$ java -jar burpsuite_pro_v1.7.37.jar --collaborator-server --collaborator-config=collaborator.config
Then, in the Burp client, set Project options > Misc > Burp Collaborator Server to collab.leaker.ovh and click "Run health check": it exercises DNS, HTTP(S) and SMTP(S) interactions end to end and reports which listener or record is broken.
- Update the certificate (renewal). Because the OVH zone delegates collab.leaker.ovh to the Collaborator's own DNS server, TXT records added in the OVH interface for _acme-challenge.collab.leaker.ovh would never be served; the delegation has to be lifted while certbot runs:
- Edit the DNS configuration: in the NS record, rename collab to collab2 (2 times: the record name and the ns1.collab.leaker.ovh target), so the OVH zone answers for collab.leaker.ovh again
- Re-run the certbot command from the "Install certbot" step. Wait 5-10 minutes after adding the last hash to
_acme-challenge.collab.leaker.ovh before letting certbot continue
- Rename the NS record back, point the config at the new archive files (the number increments) and restart the Collaborator
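The mapping between the high ports in collaborator.config and the standard ports the iptables rules redirect is easy to get wrong when editing either side. The following script is an added example, not part of the notes above: it parses the config, emits the matching REDIRECT rules, checks that every listener is above 1023 (so the JVM can bind it without root) and derives the public port list the security group must open. The embedded config is the one above trimmed to its port-related keys, and the interface name eth0 is a parameter.

```python
"""Derive the iptables REDIRECT rules and port checks from a Burp Collaborator config."""
import json

# The collaborator.config from the notes, reduced to the keys that carry ports (sample input).
SAMPLE_CONFIG = """
{
  "serverDomain": "collab.leaker.ovh",
  "eventCapture": {
    "publicAddress": "15.236.152.65", "localAddress": "172.31.26.249",
    "http": {"ports": 3380}, "https": {"ports": 33443},
    "smtp": {"ports": [3325, 33587]}, "smtps": {"ports": 33465}
  },
  "polling": {"localAddress": "172.31.26.249", "publicAddress": "0.0.0.0",
              "http": {"port": 39090}, "https": {"port": 39443}},
  "dns": {"interfaces": [{"name": "ns1", "publicAddress": "15.236.152.65",
                          "localAddress": "172.31.26.249"}], "ports": 3353}
}
"""

# (section, sub-section, key, standard public port(s), protocols). The order of the public ports
# must match the order of the list in the config, e.g. smtp [25, 587] <-> "ports": [3325, 33587].
SERVICES = [
    ("eventCapture", "http",  "ports", [80],      ("tcp",)),
    ("eventCapture", "https", "ports", [443],     ("tcp",)),
    ("eventCapture", "smtp",  "ports", [25, 587], ("tcp",)),
    ("eventCapture", "smtps", "ports", [465],     ("tcp",)),
    ("polling",      "http",  "port",  [9090],    ("tcp",)),
    ("polling",      "https", "port",  [9443],    ("tcp",)),
    ("dns",          None,    "ports", [53],      ("tcp", "udp")),
]


def load_config(text):
    return json.loads(text)


def _as_list(value):
    """Collaborator accepts either a single port or a list for the "ports" keys."""
    return list(value) if isinstance(value, (list, tuple)) else [value]


def port_mappings(config):
    """Return (public_port, local_port, proto) triples; fail loudly on a missing or mis-sized entry."""
    mappings = []
    for section, sub, key, public_ports, protos in SERVICES:
        node = config[section] if sub is None else config[section][sub]
        local_ports = _as_list(node[key])
        if len(local_ports) != len(public_ports):
            raise ValueError("%s.%s: expected %d port(s), got %r"
                             % (section, sub, len(public_ports), local_ports))
        for pub, loc in zip(public_ports, local_ports):
            for proto in protos:
                mappings.append((pub, loc, proto))
    return mappings


def redirect_rules(config, iface="eth0"):
    """One PREROUTING REDIRECT per (public port, protocol), in the form used in the notes."""
    return ["iptables -t nat -A PREROUTING -i %s -p %s --dport %d -j REDIRECT --to-port %d"
            % (iface, proto, pub, loc) for pub, loc, proto in port_mappings(config)]


def unprivileged_ports_only(config):
    """True when every listener is above 1023, i.e. the JVM can bind it as a normal user."""
    return all(loc > 1023 for _, loc, _ in port_mappings(config))


def security_group_ports(config, ssh=22):
    """Sorted list of ports the EC2 security group must open (SSH plus every public service port)."""
    return sorted({ssh} | {pub for pub, _, _ in port_mappings(config)})


if __name__ == "__main__":
    cfg = load_config(SAMPLE_CONFIG)
    assert unprivileged_ports_only(cfg), "a listener uses a privileged port; java would need root"
    print("# security group ports:", security_group_ports(cfg))
    for rule in redirect_rules(cfg):
        print("sudo " + rule)
```

Run it after every config change and compare the output with `sudo iptables -t nat -S PREROUTING`; a port present in one place but not the other is exactly the kind of mismatch the Collaborator health check reports as a failed DNS, HTTP or SMTP interaction.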